How to Check for Impacted LiteLLM Packages in Your SBOM
Blog post from Arnica
In March 2026, two malicious versions of the Python package litellm, versions 1.82.7 and 1.82.8, were published on PyPI by the threat actor TeamPCP. These versions contained a credential harvester targeting SSH keys, cloud credentials, Kubernetes secrets, and .env files, along with a Kubernetes toolkit for lateral movement and a persistent systemd backdoor. Version 1.82.8 was particularly dangerous because it executed its payload on every Python process startup using a .pth file. Both versions have since been removed from PyPI.

Arnica customers are advised to use their platform’s SBOM to search for the impacted packages and ensure no affected versions exist on any system, including all Python virtual environments. Further recommended actions include inspecting caches, isolating affected hosts, checking Kubernetes clusters for rogue pods, reviewing network logs, removing persistence mechanisms, and rotating any potentially exposed credentials.
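As an added example (not Arnica's code or part of the original post), the following Python script checks a CycloneDX SBOM export and a set of Python environment roots for the affected litellm versions and lists every .pth file it finds for manual review. The SBOM content and the environment tree it scans are constructed samples.

```python
import json
import re
import tempfile
from pathlib import Path

AFFECTED_VERSIONS = {"1.82.7", "1.82.8"}  # versions named in the advisory
# Constructed sample CycloneDX JSON; not an Arnica SBOM export.
SAMPLE_SBOM = json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
    {"type": "library", "name": "requests", "version": "2.31.0", "purl": "pkg:pypi/requests@2.31.0"},
    {"type": "library", "name": "LiteLLM", "version": "1.82.6", "purl": "pkg:pypi/litellm@1.82.6"},
    {"type": "library", "name": "litellm", "version": "1.82.8", "purl": "pkg:pypi/litellm@1.82.8"},
]})

def normalize(name: str) -> str:
    """PEP 503 name normalization so LiteLLM, litellm and lite_llm compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def find_affected_in_sbom(sbom_json: str) -> list[str]:
    """Return identifiers of litellm components pinned to an affected version."""
    hits = []
    for comp in json.loads(sbom_json).get("components", []):
        if normalize(comp.get("name", "")) == "litellm" and comp.get("version") in AFFECTED_VERSIONS:
            hits.append(comp.get("purl") or f"{comp['name']}@{comp['version']}")
    return hits

# Installed wheels leave a "<name>-<version>.dist-info" directory in site-packages.
DIST_INFO_RE = re.compile(r"^litellm-(?P<ver>[^-]+)\.dist-info$", re.IGNORECASE)

def scan_env_roots(roots: list[Path]) -> dict[str, list[str]]:
    """Walk venv / site-packages roots; report affected installs and every .pth file for review."""
    report: dict[str, list[str]] = {"affected": [], "pth_files": []}
    for root in roots:
        for path in root.rglob("*"):
            m = DIST_INFO_RE.match(path.name)
            if m and m.group("ver") in AFFECTED_VERSIONS:
                report["affected"].append(str(path.relative_to(root)))
            elif path.suffix == ".pth":  # .pth files run at interpreter startup; review each one
                report["pth_files"].append(str(path.relative_to(root)))
    return report

def demo_env_scan() -> dict[str, list[str]]:
    """Build a throwaway venv-like tree (constructed sample) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp) / "venv" / "lib" / "python3.12" / "site-packages"
        (site / "litellm-1.82.7.dist-info").mkdir(parents=True)
        (site / "requests-2.31.0.dist-info").mkdir()
        (site / "sample-startup.pth").write_text("# constructed sample .pth\n")
        return scan_env_roots([Path(tmp)])
```

Point `scan_env_roots` at every virtual environment directory and system site-packages on a host, not just the interpreter that ran the script, since each venv carries its own copy of installed packages.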